[Zope] Re Re: Regular expressions insecurity?

Tue Wennerberg tue@wennerberg.dk
Sun, 19 Jan 2003 18:11:04 +0100


Dennis Allison wrote:
> According to an earlier post, re is not available in Python Scripts
> because they can be the source of a DOS attack.

Yes, I hear that, but I'm not convinced. What exactly can regular 
expressions do, that Python scripts can't?

> In my systems, I've
> decided that such attacks are an acceptable risk.  I have enabled re for
> Python Scripts in my system(s).  Apparently this is a common practice.
> Follow the instructions in the PythonScript sources.  Of course, you 
> need source code access.

Many people will be willing to accept that risk. But no one really 
knows if they're taking a risk of being further compromised, since the 
implications are not described anywhere (or maybe they are, and I simply 
haven't found it).

-- 
Best regards, Tue Wennerberg
M.Sc. in Engineering and Freelance Developer
http://tuewennerberg.dk/ - tue@wennerberg.dk - (+45) 4043 6735